Global reach
Search
    • Grant Thornton in Hungary

          • The key to success is a partner with comprehensive knowledge and many years of experience. Our ambition is to serve dynamic organizations and we understand ourselves as specialists for the Central European region.

            Being a member firm of Grant Thornton enables us to represent the interests of our clients even outside of Central Europe. We think that the key to success is to have partners with comprehensive knowledge and many years of experience.

            Our consultants are specialists for the Central European region and our firm has strong links with Grant Thornton member firms in the region.

            Over the past years, Grant Thornton has built a strong position on the Hungarian market as a provider accounting, payroll, valuation and Corporate Finance services.

    • Contact us
    • References
    • Audit & Assurance

          • Audit & Assurance

            • Mandatory audits and voluntary audits of single-entity and consolidated financial statements
            • Obligatory and voluntary audits of annual financial statements and group financial statements
            • Audits of foundations
            • Due diligence audits
            • Audits pursuant to capital market law (listing prospectuses and investment fund annual reports)
            • High Level Reviews
            • Agreed upon procedures
            • Special audits (company transformations, mergers, special audits according to stock corporation law, etc.)
            • Accounting audits and management audits, especially as auditors of associations
            • Audits for fraud detection
    • Tax consultancy
    • Tax compliance
    • Accounting

          • Accounting

            • Journal entry of ongoing business transactions and computer-based record-keeping
            • Compilation of regular analysis reports and information on business development
            • Preparation of single-entity financial statements, notes to financial statements and drafting assistance for the report of the management board
            • Preparation of tax returns
            • Notifications to the Companies Register and other public authorities
    • Payroll

          • Payroll

            • Full-scale payroll services, calculation of salaries, taxes and contributions to be paid
            • Management of payroll reports, online sending of pay slips to employees, with password protection
            • Preparation and filing of data disclosures, returns and notifications to the authorities
            • Administration of new and leaving employees
            • Monitoring and administration of leaves and other absences
            • Preparation of employer’s certificates, tax certificates
            • Administration of terminations of employment, resignations, dismissals
            • Salary payments by bank transfer
            • Completion of tax and social security transfer orders
            • Social security benefit claims and administration
            • Performance of social security paying agent duties
            • Representation before the authorities in case of audits
            • Preparing reports
            • Payroll and employment administration advisory service
    • Strategic consultancy

          • SPECIAL AREAS OF EXPERTISE

            • Corporate governance by owner model
            • Succession management, generational change
            • CEO consulting
            • Creation of corporate strategy
            • Developing effective, collaborative, visible management
            • Development of sales organisations
            • Business mentoring for middle and senior managers
            • Interim management
            • Consultancy in case of planned outsourcing
            • Subsidies related to company formation
            • Business plans and feasibility studies
            • Consultancy and support prior to negotiations with banks
    • Transaction advisory service

          • Corporate Finance

            • Mergers, acquistions (sale side and purchase side Consulting)
            • Organization of tenders
            • Set up transaction structures
            • Due diligence
            • Project, debt and equity financing
            • Valuation services
            • Public and private capital market transactions (ECM, DCM)
    • Labour administration & HR services

          • Labour Administration

            • Payroll preparation administration: support for the payroll accounting activities, pre-processing of lost working time, vacation days, absences due to illness. Collecting the input data for and preparing them for payroll accounting.
            • Tasks arising in connection with working time banking system, monitoring the issuance of rest periods and ensuring compliance with the rules of maximum working time.
            • Preparing, updating and modifying of HR personnel materials. Drawing up the documentation necessary for terminations of employment.
            • If required, labour registration tasks, requesting social security and tax identification numbers.
            • Conducting internal audits at regular intervals, making recommendations for eliminating any deficiencies identified.

          • HR contact representation:

            • Maintaining contact with employees via the designated channel of communication, to answer everyday questions.
            • Designation of a liaison person between internal financial departments and payroll accounting.
            • Providing opinions with respect to dubious situations, being continuously available for consultation in HR-related questions.

          • HR Consultancy:

            • Development of HR processes, structural systematisation, overview and due diligence of positions and work organisation, organisational development consultancy.
            • Establishing compensation systems, with the examination of tax and expense consequences, as well as internal policies Creating cafeteria and grade systems.
            • Labour market consultancy, supporting recruitment and selection, from the identification of labour demand needs to implementing the onboarding process.
            • Surveying the needs for, as well as creating internal policies contributing to more efficient operations.
    • Valuation

          • Financial Valuations:

            • Company valuation
            • Valuation of intangible assets (know-how, brand name, licence, technology, software, etc.)
            • Business planning
            • Market modelling
            • Capitalization rate structuring
            • Purchase price allocation
            • Impairment testing (IFRS, US GAAP)
            • AMADEUS database research and benchmark studies for transfer pricing

          • Fixed Asset Valuation:

            • Real estate valuation
            • Machinery and equipment valuation
            • Collateral valuation
            • Independent technical advisory
            • Feasibility studies
            • Technical due diligence
            • Valuation for insurance purposes
            • Remaining life estimation
    • Controlling and management reporting

          • Controlling

            • Interim financial management
            • Reviewing of financial systems and processes
            • Design, implementation and operation of controlling and reporting systems
            • Management of the introduction of business intelligence (BI) and enterprise resource planning (ERP) systems
    • Accounting and Tax automation
    • Transfer Pricing Advisory

          • Transfer Pricing Advisory

            • Transfer pricing advisory
            • Preparation of transfer pricing documentation
    • Whistleblowing

          • Whistleblowing

    • NIS2 consultancy
  • Our experts
  • Insights
  • Glossary
    • Build your career at Grant Thornton

          • Build your career at Grant Thornton

            As a dynamic and growth-oriented company, we offer excellent career opportunities in an international environment.

            We welcome applications by both career-starter and experienced candidates in the following areas: tax consultancy, auditing, accounting and payroll, corporate consultancy, corporate finance and asset valuation.

  • Online offer
NewsNIS2: The decree on the IT requirements of the CyberCert Act has been promulgated

Search:

News

NIS2: The decree on the IT requirements of the CyberCert Act has been promulgated

2024. August 29., Thursday

On 24 June, the government decree containing the IT requirements of the Cybersecurity Certification and Cybersecurity Supervision Act entered into force. The promulgation of the implementing decree for the Act on cybersecurity certification and cybersecurity supervision (CyberCert Act) is a significant step for companies, prospective auditors and consultants alike.

 The 120-page document contains the precise requirements to start the preparation of the companies concerned and to plan their official cybersecurity audits starting in 2025.

Rules for a wide target group

The government decree provides a common list of requirements that should be applicable to all companies covered by the CyberCert Act, covering nearly 100 sectors of activity. This has resulted in a rather long, general but sufficiently detailed document.

The NIS2 applies to all companies that

  • employs more 50 persons, or
  • has an annual turnover of more than EUR 10 million, and
  • operates in one of the sectors considered critical from a strategical point of view.

Preliminary estimates suggest that around 2,500-3,000 businesses in Hungary could be directly impacted, with the potential for several times that number to be indirectly affected by this new provision.

The three chapters in the package

The decree sets out a risk management framework, a catalogue of measures and a catalogue of threats, which are to be implemented and applied by the companies affected by the legislation.

The risk management chapter contains the basic steps necessary to classify information systems and to monitor the implementation of the associated security measures. This chapter therefore means the regulation of the foundational measures. For companies that have not yet addressed information security risk management in depth, the chapter can also be seen as a form of help with that.

The risk management process will result in an inventory of the information systems used by the company and all the systems included will be classified in one of the security classes (basic, significant, high) set out in the decree. These three classes and the risk management framework itself in the decree have a number of similarities with existing international risk management standards, which will help to facilitate the transition between them.

A staggering number of security measures required

The classification will be used as the basis for the security measures to be introduced for systems, which will also be sought and tested in the mandatory audits. This includes more than 160 for the “basic”, more than 300 for the “significant,” and nearly 400 mandatory inspection and control points, as well as associated measures for the “high” security class. By comparison, the latest version of ISO 27001 Information Security Standard from 2022 only contains 93 control points.

In addition, some 530 additional security measures are also included in the decree, the use of which is not generally mandatory, but which companies may consider incorporating into their information security management systems, depending on their sector and activities.

To improve transparency, the security measures are grouped into 19 categories, such as: access control, training, systems monitoring, business continuity, incident management, supply chain security, etc.

For each category, the legislation not only requires adequate documentation and clear responsibilities of the companies concerned, but also organisational measures and adequate technological readiness in order to successfully pass the audits.

Mandatory but interchangeable

With specific cases in mind, the decree allows companies to derogate in certain cases from the rules set out in the catalogue of security measures issued. This may be the case, for example, where the technology used, the operating environment, the physical infrastructure or a public service does not allow certain measures to be put in place.

In special cases, the company may use its own substitute security measures, but in this case it must also document how the arrangements it uses are better than those in the decree. In addition, the company must ensure that the documentation is regularly reviewed, as circumstances may change over time. Substitute measures may only be implemented by companies at their own discretion and with written approval from the responsible manager.

Compliance can be painful

The promulgated decree also highlights that a significant proportion of companies covered by NIS2 will face serious challenges in complying with the legislation. For them, putting in place the mandatory security measures will require significant resources and, most importantly, considerable time, so it is advisable to start preparing as soon as possible in order to pass the first regulatory audit in 2025.

Related Services

NIS2 consultancy

The NIS2 rules apply to state and public administration bodies, as well as large and medium-sized private companies, as defined in detail in the law.

NIS2 mentoring

NIS2 mentoring is designed to support the responsible managers’ professional preparedness and effectiveness.

NIS2 GAP analysis

Comprehensive analysis and action plan to prepare to comply with the requirements.

NIS2 pre-audit

NIS2 internal audits are always conducted by a support team within the company.

Contact our expert

Péter Kóczé DIRECTOR | DIGITAL SERVICES
Budapest +36 30 491 8157
peter.kocze@hu.gt.com
Request a quote!

Newsletter

Stay informed about the latest professional news.

Subscribe

Read our previous news and analysis.

  • HU
  • EN
  • DE
    • Global reach